Hello,
On Fri, Nov 01, 2019 at 08:09:49AM +0000, ed-bitfolk(a)s5h.net wrote:
One of the counter measures (and thing I didn't suggest during an
interview for an SRE at a large search company) is to enable SYN
cookies, look at drawbacks though. This turns the three-way handshake
into four way, and doesn't steal space from the state table until the
third state of the now four-way handshake.
https://en.wikipedia.org/wiki/SYN_cookies
I do actually use SYN cookies myself so this may explain why I don't
see this for any of BitFolk's own stuff.
Those of you who are seeing alerts, do you have SYN cookies enabled
and if not, does enabling them stop it happening?
Of course nothing will stop the actual spoofed SYN packets, but they
aren't very high rate so as long as your SYN queue is not filling up
you probably don't need to care.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
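
One way to answer the two questions in the message above (are SYN cookies enabled, and is the SYN queue filling up) on a Linux host, as an added example that is not part of the original e-mail. It reads the kernel's TcpExt counters in `/proc/net/netstat` format; the sample counter values and the verdict labels are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original e-mail): SYN cookie and SYN queue check.

# Constructed sample in /proc/net/netstat format: a names line, then a values line.
sample_netstat() {
    cat <<'EOF'
TcpExt: SyncookiesSent SyncookiesRecv SyncookiesFailed ListenOverflows ListenDrops TCPReqQFullDoCookies TCPReqQFullDrop
TcpExt: 1520 3 41 0 0 1520 0
IpExt: InOctets OutOctets
IpExt: 1000 2000
EOF
}

# Print one TcpExt counter by name; prints nothing if the kernel lacks it.
tcpext_counter() {    # usage: tcpext_counter NAME [FILE]
    awk -v want="$1" '
        $1 == "TcpExt:" && !have { for (i = 2; i <= NF; i++) col[$i] = i; have = 1; next }
        $1 == "TcpExt:"          { if (want in col) print $(col[want]); exit }
    ' "${2:-/proc/net/netstat}"
}

# Count half-open connections (state 03 = SYN_RECV) in /proc/net/tcp format.
syn_recv_count() {    # usage: syn_recv_count [FILE]
    awk 'NR > 1 && $4 == "03" { n++ } END { print n + 0 }' "${1:-/proc/net/tcp}"
}

# Classify: SYNs dropped on a full queue, cookies issued, or no queue pressure.
syn_verdict() {       # usage: syn_verdict TCP_SYNCOOKIES_VALUE NETSTAT_FILE
    sent=$(tcpext_counter SyncookiesSent "$2")
    dropped=$(tcpext_counter TCPReqQFullDrop "$2")
    if [ "$1" = 0 ] && [ "${dropped:-0}" -gt 0 ]; then
        echo queue-full-drops      # cookies off and the SYN queue overflowed
    elif [ "${sent:-0}" -gt 0 ]; then
        echo cookies-in-use        # queue overflowed; kernel answered with cookies
    else
        echo queue-ok              # no sign of the SYN queue filling up
    fi
}

tmp=$(mktemp)
sample_netstat > "$tmp"
echo "sample: verdict=$(syn_verdict 1 "$tmp")"
rm -f "$tmp"
if [ -r /proc/sys/net/ipv4/tcp_syncookies ] && [ -r /proc/net/netstat ] && [ -r /proc/net/tcp ]; then
    live=$(cat /proc/sys/net/ipv4/tcp_syncookies)
    echo "live: tcp_syncookies=$live SYN_RECV=$(syn_recv_count) verdict=$(syn_verdict "$live" /proc/net/netstat)"
fi
```

The TcpExt counters are cumulative since boot, so compare two readings taken while the alerts are firing rather than relying on a single value.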